CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3

CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3. An upgraded version of the package is available that resolves this issue...

AZL-35078 CVE-2024-1454 affecting package opensc for versions less than 0.25.1-3

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

AZL-35077 CVE-2023-5992 affecting package opensc for versions less than 0.25.1-3

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

AZL-35076 CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...

AZL-35074 CVE-2023-40660 affecting package opensc for versions less than 0.25.1-3

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...